From: Kalle Valo <kvalo@codeaurora.org>
To: Pkshih <pkshih@realtek.com>
Cc: "labbott\@redhat.com" <labbott@redhat.com>,
"linux-wireless\@vger.kernel.org"
<linux-wireless@vger.kernel.org>,
"davem\@davemloft.net" <davem@davemloft.net>,
"netdev\@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"nico\@semmle.com" <nico@semmle.com>
Subject: Re: [PATCH v2] rtlwifi: Fix potential overflow on P2P code
Date: Sat, 19 Oct 2019 13:57:31 +0300 [thread overview]
Message-ID: <87wod1vw84.fsf@kamboji.qca.qualcomm.com> (raw)
In-Reply-To: <1571402142.1994.6.camel@realtek.com> (pkshih@realtek.com's message of "Fri, 18 Oct 2019 12:35:43 +0000")
Pkshih <pkshih@realtek.com> writes:
> On Fri, 2019-10-18 at 07:43 -0400, Laura Abbott wrote:
>> Nicolas Waisman noticed that even though noa_len is checked for
>> a compatible length it's still possible to overrun the buffers
>> of p2pinfo since there's no check on the upper bound of noa_num.
>> Bound noa_num against P2P_MAX_NOA_NUM.
>>
>> Reported-by: Nicolas Waisman <nico@semmle.com>
>> Signed-off-by: Laura Abbott <labbott@redhat.com>
>
> Acked-by: Ping-Ke Shih <pkshih@realtek.com>
> and Please CC to stable
> Cc: Stable <stable@vger.kernel.org> # 4.4+
>
> ---
>
> Hi Kalle,
>
> This bug was existing since v3.10, and directory of wireless drivers were
> moved at v4.4. Do I need send another patch to fix this issue for longterm
> kernel v3.16.75?
Yeah, I think you need to send a separate patch to the stable list
(after this commit is in Linus' tree).
--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
next prev parent reply other threads:[~2019-10-19 10:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-18 11:43 [PATCH v2] rtlwifi: Fix potential overflow on P2P code Laura Abbott
2019-10-18 12:35 ` Pkshih
2019-10-19 10:57 ` Kalle Valo [this message]
2019-10-19 10:51 ` Kalle Valo
2019-10-19 19:02 ` Laura Abbott
2019-10-20 6:18 ` Kalle Valo
2019-10-23 10:31 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wod1vw84.fsf@kamboji.qca.qualcomm.com \
--to=kvalo@codeaurora.org \
--cc=davem@davemloft.net \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nico@semmle.com \
--cc=pkshih@realtek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.